diff --git a/elinks-0.12pre6-openssl11.patch b/elinks-0.12pre6-openssl11.patch
new file mode 100644
index 0000000..92f2f0d
--- /dev/null
+++ b/elinks-0.12pre6-openssl11.patch
@@ -0,0 +1,32 @@
+diff -up elinks-0.12pre6/src/network/ssl/socket.c.openssl11 elinks-0.12pre6/src/network/ssl/socket.c
+--- elinks-0.12pre6/src/network/ssl/socket.c.openssl11 2017-02-17 16:41:26.346909430 +0100
++++ elinks-0.12pre6/src/network/ssl/socket.c 2017-02-17 16:40:34.000000000 +0100
+@@ -82,6 +82,11 @@
+ static void
+ ssl_set_no_tls(struct socket *socket)
+ {
++#if 0
++/* This implements the insecure renegotiation, which should not be used.
++ * The code also would not work on current Fedora (>= Fedora 23) anyway,
++ * because it would just switch off TLS 1.0 keeping TLS 1.1 and 1.2 enabled.
++ */
+ #ifdef CONFIG_OPENSSL
+ ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
+ #elif defined(CONFIG_GNUTLS)
+@@ -96,6 +101,7 @@ ssl_set_no_tls(struct socket *socket)
+ gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
+ }
+ #endif
++#endif
+ }
+
+ #ifdef USE_OPENSSL
+@@ -419,7 +425,7 @@ ssl_connect(struct socket *socket)
+ }
+
+ if (client_cert) {
+- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx;
++ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl);
+
+ SSL_CTX_use_certificate_chain_file(ctx, client_cert);
+ SSL_CTX_use_PrivateKey_file(ctx, client_cert,
diff --git a/elinks.spec b/elinks.spec
index c549202..50cb048 100644
--- a/elinks.spec
+++ b/elinks.spec
@@ -3,7 +3,7 @@
 Name: elinks
 Summary: A text-mode Web browser
 Version: 0.12
-Release: 0.49.%{prerel}%{?dist}
+Release: 0.50.%{prerel}%{?dist}
 License: GPLv2
 URL: http://elinks.or.cz
 Group: Applications/Internet
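Review bot: The comment added under `#if 0` in ssl_set_no_tls() calls the disabled code "insecure renegotiation", but the lines it wraps set `SSL_OP_NO_TLSv1` or call `gnutls_protocol_set_priority`, which is a protocol-version fallback rather than TLS renegotiation. I would reword it to `/* Disabled: insecure protocol-version fallback on reconnect; must not be used. */` so a later reader does not look for renegotiation handling here. With the body compiled out the function is an empty stub and `socket` is unused, so any retry path that calls it presumably reconnects with unchanged settings (the callers are outside this patch); removing the dead body, and the retry if it no longer serves a purpose, would be clearer than keeping it under `#if 0`. Part of the GnuTLS branch lies between the two inner hunks and is not visible here.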
@@ -44,6 +44,7 @@ Patch14: elinks-0.12pre6-ssl-hostname.patch
 Patch15: elinks-0.12pre6-list_is_singleton.patch
 Patch16: elinks-0.12pre6-lua51.patch
 Patch17: elinks-0.12pre6-libidn2.patch
+Patch18: elinks-0.12pre6-openssl11.patch
 %description
 Elinks is a text-based Web browser. Elinks does not display any images,
@@ -96,6 +97,9 @@ quickly and swiftly displays Web pages.
 # add support for GNU Libidn2, patch by Robert Scheck (#1098789)
 %patch17 -p1
+# drop disablement of TLS1.0 on second attempt to connect
+%patch18 -p1 -b .openssl11
+
 # rename the input file of autoconf to eliminate a warning
 mv -v configure.in configure.ac
 sed -e 's/configure\.in/configure.ac/' \
@@ -174,6 +178,11 @@ exit 0
 %{_mandir}/man5/*
 %changelog
+* Fri Feb 17 2017 Tomáš Mráz - 0.12-0.50.pre6
+- drop disablement of TLS1.0 on second attempt to connect,
+ it would not work correctly anyway and the code does not build
+ with OpenSSL-1.1.0
+
 * Fri Feb 10 2017 Fedora Release Engineering - 0.12-0.49.pre6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild